Workstation/arch.md
2023-08-06 09:53:58 -04:00

Arch with Gnome

Installation

Follow most of the instructions here: https://wiki.archlinux.org/title/Installation_guide

  1. Download Arch

  2. Verify the image

  3. Create a bootable ISO

  4. Disable secureboot (reenable later)

  5. Boot into the live image

  6. Check for network connectivity

    # Check for internet
    ip a
    ping archlinux.org
    
  7. timedatectl to update system clock

  8. Create disk partitions

    fdisk -l
    fdisk /dev/vda
    
    • +1G for /boot
    • t EFI SYSTEM for /boot
    • remaining for /
  9. mkfs.fat -F 32 /dev/vda1 (/mnt/boot partition)

  10. cryptsetup luksFormat /dev/vda2

  11. cryptsetup luksOpen /dev/vda2 root

  12. mkfs.btrfs /dev/mapper/root (root partition)

  13. Mount the root partition with mount /dev/mapper/root /mnt

  14. Mount the boot partition with mount --mkdir /dev/vda1 /mnt/boot

  15. pacstrap -K /mnt base linux linux-firmware

    Note: linux-zen works, linux-hardened breaks appimages

  16. genfstab -U /mnt >> /mnt/etc/fstab

  17. arch-chroot /mnt

  18. ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime

  19. hwclock --systohc

  20. echo 'LANG=en_US.UTF-8' > /etc/locale.conf

  21. echo 'KEYMAP=us' > /etc/vconsole.conf

  22. echo 'hostname' > /etc/hostname

  23. pacman -S sudo vim gdm gnome dhclient dhcpcd bash-completion grub

  24. grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT (this will fail)

  25. Note: for some systems you'll have to move grubx64.efi into an expected location:

    cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi
    
  26. Edit /etc/default/grub

    GRUB_CMDLINE_LINUX="quiet splash rd.luks.uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    GRUB_ENABLE_CRYPTODISK=y
    GRUB_DISABLE_SUBMENU=y
    GRUB_DEFAULT=saved
    GRUB_SAVEDEFAULT=true
    
  27. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt

    HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
    
  28. mkinitcpio -P

  29. grub-mkconfig -o /boot/grub/grub.cfg

  30. sudo systemctl enable gdm

  31. useradd ducoterra

  32. passwd ducoterra

  33. groupadd sudo

  34. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege

  35. usermod -aG sudo ducoterra

  36. usermod -aG wheel ducoterra

  37. mkdir /home/ducoterra

  38. chown ducoterra:ducoterra /home/ducoterra

  39. exit

  40. reboot

Post Install

Locale

Set up locale with correct information (required for certain binaries like minecraft-launcher)

  1. vim /etc/locale.gen

    Uncomment the line:

    en_US.UTF-8 UTF-8

  2. sudo locale-gen

Hardware Acceleration

(This helps enable hardware encoding/decoding for steam streaming)

Intel

sudo pacman -S libva-utils intel-media-driver
vainfo

AMD

sudo pacman -S libva-utils libva-mesa-driver mesa-vdpau

Firewall

sudo pacman -S ufw
sudo ufw enable

Power Management

  1. For laptops install tlp

    sudo pacman -S tlp
    sudo systemctl enable --now tlp
    
  2. For desktops install cpupower

    sudo pacman -S cpupower
    systemctl enable --now cpupower
    

    Temporarily set power profile with cpupower frequency-set -g performance

    Edit /etc/default/cpupower

    governor='performance'
    

TPM2 LUKS Decryption

  1. pacman -S tpm2-tss
  2. systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""
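
With --tpm2-pcrs="" the key is sealed to no PCRs, so the TPM releases it regardless of what was booted on this machine. The following added example (not part of the original notes) reports which policy an enrolled token actually carries; the function name and the sample JSON are constructed, with field names as systemd writes them into the LUKS2 header.

```shell
#!/bin/sh
# Added example, not from the original notes. Reads LUKS2 JSON metadata on
# stdin and classifies the first systemd-tpm2 token's unlock policy.
# On a real system, as root:
#   cryptsetup luksDump --dump-json-metadata /dev/vda2 | tpm2_token_policy
# A stricter enrollment to use once Secure Boot is re-enabled:
#   systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto \
#       --tpm2-pcrs=7 --tpm2-with-pin=yes

tpm2_token_policy() {
    # Flatten whitespace so fields match regardless of JSON layout.
    flat=$(tr -d ' \t\r\n')
    case $flat in
        *'"type":"systemd-tpm2"'*) ;;
        *) echo "no-tpm2-token"; return 0 ;;
    esac
    # "tpm2-pcrs" is an array of PCR indexes; [] means no PCR binding.
    pcrs=$(printf '%s' "$flat" | grep -o '"tpm2-pcrs":\[[0-9,]*]' |
        head -n 1 | sed 's/^.*\[//; s/]$//')
    # "tpm2-pin" is true for tokens enrolled with --tpm2-with-pin=yes.
    pin=$(printf '%s' "$flat" | grep -o '"tpm2-pin":[a-z]*' |
        head -n 1 | cut -d: -f2)
    if [ -z "$pcrs" ] && [ "$pin" != "true" ]; then
        echo "unbound"          # key is released whatever was booted
    elif [ -z "$pcrs" ]; then
        echo "pin-only"
    elif [ "$pin" = "true" ]; then
        echo "pcrs=$pcrs+pin"
    else
        echo "pcrs=$pcrs"
    fi
}

# Constructed sample metadata; the blob value is a placeholder.
SAMPLE_UNBOUND='{"tokens":{"0":{"type":"systemd-tpm2","keyslots":["1"],
  "tpm2-blob":"AAAA","tpm2-pcrs":[],"tpm2-pcr-bank":"sha256","tpm2-pin":false}}}'
SAMPLE_BOUND='{"tokens":{"0":{"type":"systemd-tpm2","keyslots":["1"],
  "tpm2-blob":"AAAA","tpm2-pcrs":[7],"tpm2-pcr-bank":"sha256","tpm2-pin":true}}}'

printf '%s' "$SAMPLE_UNBOUND" | tpm2_token_policy
printf '%s' "$SAMPLE_BOUND" | tpm2_token_policy
```

A result of unbound means anything that boots on the machine can ask the TPM for the key, so the disk encryption then only protects a drive that has been removed from the machine.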

Don't sleep while plugged in

This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock will prevent it from waking up.

/etc/systemd/logind.conf

...
HandleLidSwitchExternalPower=lock
HandleLidSwitchDocked=ignore
...

Fingerprint Reader Support

  1. sudo pacman -S fprintd

  2. sudo systemctl enable --now fprintd

  3. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)

    sudo vim /etc/pam.d/sudo and at the top of the file:

    # fingerprint auth
    auth      sufficient pam_fprintd.so
    

    sudo vim /etc/pam.d/system-auth and at the top of the file:

    # fingerprint auth
    auth      sufficient pam_fprintd.so
    

Turn Off Fingerprint When Laptop Lid Closed

To disable fingerprint authentication when the laptop lid is closed, and re-enable it when the lid is reopened, we will use acpid to bind the button/lid.* event to a custom script. The script stops and masks the fprintd service on lid close, and unmasks and starts it on lid open.

The script can also check that an external display is connected by testing the contents of /sys/class/drm/card0-HDMI-A-1/status (that check is commented out in the script below).

Follow the steps below:

  1. pacman -S acpid and then systemctl enable --now acpid

  2. Create a .locks directory in your home dir: mkdir ~/.locks

  3. Create file /etc/acpi/laptop-lid.sh with the following contents:

    #!/bin/bash
    
    lock=/home/ducoterra/.locks/fprint-disabled.lock
    
    if grep -Fq closed /proc/acpi/button/lid/LID0/state # &&
        # This is used to detect if a display is connected.
        # For USB C displayport use: 
        # grep -Fxq connected /sys/class/drm/card1-DP-2/status
        # For hdmi use:
        # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status
    then
        touch "$lock"
        systemctl stop fprintd
        systemctl mask fprintd
    elif [ -f "$lock" ]
    then
        systemctl unmask fprintd
        systemctl start fprintd
        rm -f "$lock"
    fi
    
  4. Make the file executable with

    chmod +x /etc/acpi/laptop-lid.sh

  5. Create file /etc/acpi/events/laptop-lid with the following contents:

    event=button/lid.*
    action=/etc/acpi/laptop-lid.sh
    
  6. Restart the acpid service with:

    systemctl restart acpid

Now the fingerprint will be used only when the lid is open.

To restore the correct state of the fprintd service if you disconnect/reconnect while the laptop is off, you can call the above script from a systemd unit file. The steps are:

  1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents:

    [Unit]
    Description=Laptop Lid
    After=suspend.target
    
    [Service]
    ExecStart=/etc/acpi/laptop-lid.sh
    
    [Install]
    WantedBy=multi-user.target
    WantedBy=suspend.target
    
  2. Reload the systemd config files with

    sudo systemctl daemon-reload

  3. Start and enable the service with

    sudo systemctl enable --now laptop-lid.service

Now the status should be correct even after connecting/disconnecting when the computer is off.

AppImage Support

fuse is required to run most appimages.

Also chmod +x before running.

  1. sudo pacman -S fuse

  2. cp ~/Downloads/xxxxxxx.appimage ~/Applications

  3. Write a .desktop entry at ~/.local/share/applications/

    [Desktop Entry]
    Encoding=UTF-8
    Name=
    Exec=/home/ducoterra/Applications/
    Icon=/home/ducoterra/Applications/
    Type=Application
    Categories=;
    

Bluetooth

  1. sudo pacman -S bluez bluez-utils
  2. sudo systemctl enable --now bluetooth

Audio

Without pipewire-pulse the audio level/device will reset every reboot.

  1. sudo pacman -S pipewire-pulse (remove conflicting packages)

Firefox

You'll want firefox and gnome-browser-connector (for gnome extension management).

sudo pacman -S firefox gnome-browser-connector

RDP Remote Desktop

  1. sudo pacman -S remmina freerdp

Virtualization

  1. Install virtualization capabilities

    sudo pacman -S qemu-full
    sudo pacman -S libvirt
    sudo pacman -S iptables-nft dnsmasq
    sudo pacman -S virt-manager qemu-desktop
    sudo usermod -aG libvirt ducoterra
    sudo virsh net-autostart default
    
  2. Edit /etc/libvirt/libvirtd.conf

    ...
    unix_sock_group = 'libvirt'
    ...
    unix_sock_rw_perms = '0770'
    ...
    
  3. Edit /etc/libvirt/qemu.conf

    # Some examples of valid values are:
    #
    #       user = "qemu"   # A user named "qemu"
    #       user = "+0"     # Super user (uid=0)
    #       user = "100"    # A user named "100" or a user with uid=100
    #
    user = "ducoterra"
    
    # The group for QEMU processes run by the system instance. It can be
    # specified in a similar way to user.
    group = "ducoterra"
    
  4. systemctl enable --now libvirtd

If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem.

Arch Guests

In order to get drivers for spice you'll need the guest spice drivers:

sudo pacman -S qemu-guest-agent spice-vdagent

CUPS Printing

  1. sudo pacman -S cups cups-pdf avahi

  2. sudo vim /etc/nsswitch.conf

    hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
    
  3. sudo systemctl start cups

  4. sudo systemctl start avahi-daemon

Steam

https://wiki.archlinux.org/title/Official_repositories#multilib

Edit /etc/pacman.conf

[multilib]
Include = /etc/pacman.d/mirrorlist

sudo pacman -S steam

When prompted, use vulkan-radeon

XWayland

Provides compatibility with X server applications (like wine)

  1. sudo pacman -S xorg-xwayland

Wireguard

Wireguard requires linux-headers. If that isn't installed or is misconfigured your vpn likely won't activate.

  1. sudo pacman -S wireguard-tools

btrbk

  1. Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk.

  2. Create a snapshot config

    /etc/btrbk/snapshots.conf

    snapshot_preserve_min   24h
    snapshot_preserve       14d
    
    volume /mnt/btr_pools/root
        subvolume           root
        snapshot_dir        .snapshots
    
    volume /mnt/btr_pools/root
        subvolume           home
        snapshot_dir        .snapshots
    
    volume /mnt/btr_pools/root
        subvolume           libvirt
        snapshot_dir        .snapshots
    
    volume /mnt/btr_pools/root
        subvolume           nextcloud
        snapshot_dir        .snapshots
    
  3. Then create a snapshot service at /etc/systemd/system/btrbk_snapshots.service

    [Unit]
    Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf
    
    [Service]
    ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
    
  4. Then create a timer for the service at /etc/systemd/system/btrbk_snapshots.timer

    [Unit]
    Description=Run snapshots every hour
    
    [Timer]
    OnCalendar=hourly
    
    AccuracySec=10min
    Persistent=true
    Unit=btrbk_snapshots.service
    
    [Install]
    WantedBy=timers.target
    
  5. Then enable the timer

    systemctl enable --now btrbk_snapshots.timer
    

VSCode

For the open source version of code install code:

sudo pacman -S code

For the proprietary version of vscode install yay and then:

yay -S visual-studio-code-bin

To save a list of installed extensions run:

code --list-extensions >> vscode_extensions.txt

To install that list of extensions run:

cat vscode_extensions.txt | xargs -L 1 code --install-extension

Apps

Name              Description
base-devel        makepkg requirement
kubectl           kubernetes kubectl
wine              wine64 emulator
steam             steam
git               git
iperf3            iperf3 network speedtest
spotify-launcher  official spotify launcher

Bashrc

~/.bashrc

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# User specific binaries
if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
then
    PATH="$HOME/.local/bin:$HOME/bin:$PATH"
fi
export PATH

# User specific aliases and functions (source .bashrc.d/)
if [ -d ~/.bashrc.d ]; then
        for rc in ~/.bashrc.d/*; do
                if [ -f "$rc" ]; then
                        . "$rc"
                fi
        done
fi

# clear var used in for loop
unset rc

~/.bashrc.d/aliases.sh

# (Mostly) Taken from https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html
# Author: Vivek Gite

## Colorize the ls output ##
alias ls="ls --color=auto"

## Colorize the grep command output for ease of use (good for log files)##
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'

## Make mount human readable ##
alias mount='mount |column -t'

## show open ports ##
alias ports='ss -tulanp'

# do not delete / or prompt if deleting more than 3 files at a time #
alias rm='rm -I --preserve-root'

# confirmation #
alias mv='mv -i'
alias cp='cp -i'
alias ln='ln -i'

# Prevent changing perms on / #
alias chown='chown --preserve-root'
alias chmod='chmod --preserve-root'
alias chgrp='chgrp --preserve-root'

## pass options to free ##
alias meminfo='free -m -l -t'
 
## get top process eating memory
alias psmem='ps auxf | sort -nr -k 4'
alias psmem10='ps auxf | sort -nr -k 4 | head -10'
 
## get top process eating cpu ##
alias pscpu='ps auxf | sort -nr -k 3'
alias pscpu10='ps auxf | sort -nr -k 3 | head -10'

## this one saved my butt so many times ##
alias wget='wget -c'

## set some other defaults ##
alias df='df -H'
alias du='du -ch'

## ls but with file sizes, showing largest at the bottom ## 
alias lst='ls --human-readable --size -1 -S --classify -r'

## ls show only directories
alias lsd='ls -d */'

## Count the number of files in a directory
alias lsc='find . -type f | wc -l'

## ls sort by last modified ##
alias lmt='ls -t -1'

Help

Update Grub

  1. grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT
  2. cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi

Downgrading Kernel

You can find old kernel versions at https://archive.archlinux.org/packages/l/linux/

You can find old kernel-header versions at https://archive.archlinux.org/packages/l/linux-headers/

If you want to downgrade to a previously installed kernel you can use pacman cache:

  1. cd /var/cache/pacman/pkg
  2. pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
  3. reboot

If you want to downgrade to a kernel that wasn't previously installed:

  1. Download linux... and linux-headers... from above
  2. pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
  3. reboot